Privacy Policy

Effective · Last updated

This Privacy Policy explains how Sibyl Private Limited (“Sibyl”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use the DuesPaid mobile application and related services (“DuesPaid” or the “App”).

Sibyl is the operator of DuesPaid and the organisation responsible for (the controller of) your personal data. We are based in Singapore and handle personal data in accordance with the Singapore Personal Data Protection Act 2012 (the “PDPA”). By using DuesPaid, you agree to the practices described in this Policy. If you do not agree, please do not use the App.

1 Who we are

DuesPaid is a study-discipline mobile app that helps you run focused study sessions with attention checks, track points and streaks, compare progress on leaderboards, follow friends, and redeem points for rewards. DuesPaid is operated by Sibyl Private Limited, a company incorporated in Singapore. For the purposes of the PDPA and equivalent laws, Sibyl is the organisation responsible for your personal data. Our contact details are in Section 16.

2 Information we collect

We collect only what we need to run the App. We do not use advertising trackers, and we do not track you across other apps or websites.

2.1 Information you provide

  • Account & identity. When you create an account, our authentication provider (Clerk) collects your email address and a password — or, if you sign in with Apple or Google, the email address and name shared by that provider. If you choose phone sign-in, we collect your mobile number to send a one-time verification code. Your password is managed and stored by Clerk; we never see or store it.
  • Profile details. Your display name and username, and optionally a short bio, profile photo (avatar), school, education level, and timezone.
  • Content you create. Study-session notes, social feed posts, comments, likes, the people you follow, your custom study subjects, and any reports you submit about content or users.

2.2 Information we collect automatically

  • Study & usage data. Details of your study sessions — subjects, start times, total/study/break durations, focus scores, attention-check results, points earned, and streaks.
  • Device & notification data. A push-notification token for your device (so we can deliver notifications), your platform (iOS or Android), and — on iOS — a Live Activity token used to update the lock-screen timer card during a session.
  • Diagnostic data. If crash reporting is enabled in a release, we use Sentry to collect limited technical information about crashes and errors (such as error messages and app state). This is configured to exclude personal identifiers and is used only to diagnose and fix problems. We do not collect behavioural performance traces.

2.3 Information we do not collect

We do not collect payment or financial information, precise location, your contacts, or camera, photo, or microphone data. DuesPaid contains no advertising SDKs and does not request App Tracking Transparency permission.

3 How we use your information

We use your personal data to:

  • create and secure your account and sign you in;
  • run the core study experience — timers, attention checks, points, streaks, and focus scores;
  • power the social features you choose to use — the feed, follows, comments, likes, and leaderboards;
  • send notifications you have enabled (such as study reminders, follow activity, and reward updates);
  • operate the points and rewards programme, including issuing redemption vouchers;
  • keep DuesPaid safe — reviewing reported content, enforcing blocks, and applying rate limits to prevent abuse;
  • diagnose crashes, debug, and improve the App; and
  • comply with legal obligations and enforce our Terms of Service.

4 Legal bases for processing

Under the PDPA, we rely on your consent — which you give by creating an account and using features — and on the PDPA’s legitimate-interests and related exceptions where appropriate (for example, to secure the service and prevent abuse). Where the EU or UK GDPR applies to you, our legal bases are: performance of our contract with you (to provide the App), your consent (for example, for push notifications), our legitimate interests (to keep the service safe and improve it), and compliance with legal obligations. You can withdraw consent at any time (see Section 9).

5 How we share information

We do not sell your personal data, and we do not share it for advertising. We share data only as described below.

5.1 Service providers (sub-processors)

We use trusted providers to run DuesPaid. They process data on our behalf under contract:

Provider | What they do | Privacy policy
Clerk | User authentication and account/identity management | clerk.com
Convex | Backend database, application logic, and hosting of your data | convex.dev
Expo (EAS) | Delivery of push notifications and app updates | expo.dev
Apple | Sign in with Apple, and Apple Push Notification service (including iOS Live Activities) | apple.com
Google | Sign in with Google, and (on Android) push delivery via Firebase Cloud Messaging | google.com
Sentry | Crash and error diagnostics (only when enabled in a release) | sentry.io

5.2 Other users

Depending on your settings, other users can see your profile, study activity, posts, comments, and leaderboard standing (see Section 6). Your email address and phone number are never shown to other users.

5.3 Legal, safety, and protection

We may disclose data if required by law, regulation, legal process, or a government request, or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of our users, the public, or Sibyl.

5.4 Business transfers

If Sibyl is involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal data.

6 Who can see your activity

You control much of what others see:

  • Public vs. private account. If your account is private, only followers you approve can see your detailed activity and posts, and new follows require your approval.
  • Leaderboards. You can choose whether to appear on leaderboards. Even when hidden, your own sessions still count toward your personal stats.
  • Blocking. You can block another user to hide your content from them and theirs from you.

7 Data retention

We keep your personal data for as long as your account is active and as needed to provide DuesPaid. Some records — such as your points ledger and study history — are kept as an accurate, append-only record while your account exists. When you delete your account (Section 8), we delete your personal data from our live systems, and residual copies in routine backups are overwritten on a rolling basis, normally within 30 days. We may retain limited information for longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.

8 Account & data deletion

You can delete your DuesPaid account at any time from within the App: go to Settings → Delete Account and confirm. This permanently deletes your profile and associated data — including your sessions, posts, comments, likes, follows, custom subjects, points and reward history, notifications, and device push tokens — and also deletes your identity record held by our authentication provider. Deletion is irreversible.

Need help? If you cannot access the App to delete your account, email us at dpo@duespaid.app and we will delete your account and personal data for you.

9 Your privacy rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you and request a copy;
  • correct or update inaccurate or incomplete data (you can edit most profile data directly in the App);
  • delete your account and personal data (Section 8);
  • withdraw consent — for example, by turning off push notifications in your device settings, or by deleting your account; and
  • lodge a complaint with a data protection authority.

Much of your data is directly viewable and editable in the App. To exercise any right you cannot complete in-app, email us (Section 16); we will respond within the timeframe required by law. If you are in Singapore, you may also contact the Personal Data Protection Commission (PDPC). Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA); we honour applicable rights — just contact us.

10 Children’s privacy

DuesPaid is intended for users aged 13 and older. It is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. If you are under 18 (or the age of majority where you live), you should use DuesPaid only with the involvement of a parent or guardian. If you believe a child under 13 has provided us with personal data, contact us and we will delete it.

11 International data transfers

Sibyl is based in Singapore, but our service providers (Section 5) may store and process your data on servers located in other countries, including the United States. Where personal data is transferred outside your jurisdiction, we take steps to ensure it receives a standard of protection comparable to that required under the PDPA and other applicable laws, including through our contracts with these providers.

12 Data security

We protect your data using encryption in transit and at rest, managed authentication (passwords are handled by Clerk and never stored by us), and access controls that limit who can reach production data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.

13 Push notifications

With your permission, DuesPaid sends push notifications (such as study reminders and social activity). You can turn notifications off at any time in your device’s system settings, or by signing out, which removes your device’s push token from our systems.

14 Third-party links & rewards

Rewards you redeem with points may be fulfilled by third-party merchants outside the App, and those merchants’ own terms and privacy policies apply to your dealings with them. We are not responsible for the privacy practices of third-party services or websites linked from DuesPaid.

15 Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above, and for material changes we will provide a more prominent notice (such as an in-app message). Your continued use of DuesPaid after an update means you accept the revised Policy.

16 Contact us & Data Protection Officer

If you have questions about this Policy or how we handle your data, or to exercise your rights, contact our Data Protection Officer: